Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Comparison of Use Cases Implementation for Data Identifiers vs Classifications

 

 This section provides a detailed comparison of data identifiers and classifications use cases for different match conditions with instructions on implementing those use cases.

► Regular Expressions Match Use Cases with Implementation Details

    Use Cases

Data Identifiers
(CASB DLP Policy Implementation)

Classifications Implementation

Match on Skyhigh Built-In regular expressions

Use the Data Identifier rule to select one of the pre-defined categories

Create a classification to add one or more Skyhigh Built-In Advanced Patterns to classify your sensitive data. To achieve this use case, see Create Skyhigh Built-in Advanced Patterns.

​Click the image to view the zoomed-in version
clipboard_e89a915f787b56e492e7744039348c002.png

Apply validation algorithms to Skyhigh Built-In regular expressions

Pre-defined regular expressions use built-in validation algorithms such as Luhn 10 to reduce false positives. The validation algorithms used are defined in Skyhigh documentation.

Create a classification to add one or more Custom Advanced Pattern lists using Skyhigh Built-In Advanced Pattern lists and apply built-in or custom validation algorithms to reduce false positives. To achieve this use case, see Create Custom Advanced Patterns using Skyhigh Built-In Advanced Patterns.

​Click the image to view the zoomed-in version
clipboard_efa26634ee978b32be96761e7c25aa99b.png

Match on Custom regular expressions

Use the Data Identifier rule to select up to five custom regular expressions or use the Regular Expression rule to create custom regular expressions

Create a classification to add one or more Custom Advanced Patterns to classify your sensitive data. To achieve this use case, see Create Custom Advanced Patterns.

​Click the image to view the zoomed-in version
clipboard_ec999c1327367e429201d908171c1ad01.png

Re-use Custom regular expressions

This use case is not supported

Create a classification to add one or more existing Custom Advanced Pattern lists to classify your sensitive data. To achieve this use case, see Create Custom Advanced Patterns using Add Regex or AI RegEx Generator for Custom Advanced Patterns.

​Click the image to view the zoomed-in version
clipboard_e9d22e6337733be4c6983ab11fd769a13.png

Apply validation algorithms to Custom regular expressions

This use case is not supported

Create a classification to add one or more Custom Advanced Pattern lists and apply any of the 100+ built-in validation algorithms to reduce false positives. To achieve this use case, see Create Custom Advanced Patterns using Add Regex or AI RegEx Generator for Custom Advanced Patterns.

​Click the image to view the zoomed-in version
clipboard_e020eb7d44011ad2e73a833a9e532974e.png

Set a threshold for the number of regular expression matches in the Advanced Pattern List

Use the Data Identifier or Regular Expression rule and set the Match Count value

Create a classification to set an advanced pattern threshold value to trigger the DLP policy when the specified number of regular expressions are matched.

For example, use the Skyhigh built-in advanced pattern list named Credit Card Number (Mastercard) and set the weight for the advanced pattern to 3 for threshold matching. To set the threshold in the Advanced Pattern classifications, see Create Advanced Patterns.

​Click the image to view the zoomed-in version
clipboard_eeadf5994a8991c9e3e5665a028da4cd1.png

Count each match in an Advanced Pattern list only once

Use the Regular Expression rule and set the Count each match only one time option

Create a classification to set Count each match string only one time option in the Advanced Pattern. A regular expression can be matched multiple times with different terms, but each matched term is only counted once. To achieve this use case, see Create Custom Advanced Patterns using Add Regex or AI RegEx Generator for Custom Advanced Patterns.

​Click the image to view the zoomed-in version
clipboard_e84846987b095e9589032b62c0123f70b.png

Set different weights (scores) for each regular expression in a Custom Advanced Pattern list

This use case is not supported

Create a Custom Advanced Pattern classification and edit the score of each regular expression on a case-by-case basis. To achieve this use case, see Create Custom Advanced Patterns using Add Regex or AI RegEx Generator for Custom Advanced Patterns.

​Click the image to view the zoomed-in version
clipboard_e0c90143b765ac071b4139357f9b013f8.png
Match on Skyhigh Built-In and Custom regular expressions in specific sections of an email Use the Data Identifier or Regular Expression rule and set the Location option to match regular expressions on email subject and file metadata, or email subject, body, attachments and file content, or all sections of an email

Create a classification and use the newly created classification in your Sanctioned or Shadow DLP policy to match the section of the email to look for sensitive text patterns in Header or Everywhere. To achieve this use case, see Create Advanced PatternsCreate Custom Advanced Patterns using Add Regex, or AI RegEx Generator for Custom Advanced Patterns.

Click the image to view the zoomed-in version
clipboard_ec3e0e8331aff7df41fff4da75f6fac73.png

Exclude keywords from triggering a match on regular expressions

Use the Data Identifier rule and set the Exclude option to exclude dictionaries of terms or a manually entered list

Create a Custom Advanced Pattern classification and add lists of keywords on the Exceptions tab to exclude specific keywords from being matched by the DLP engine. You can also add regular expressions as exceptions to reduce false positives. To achieve this use case, see Create Custom Advanced Patterns using Add Regex or AI RegEx Generator for Custom Advanced Patterns.

​Click the image to view the zoomed-in version
clipboard_e4db6b3a8acc0492d34d568cbdfd69883.png

Exclude regular expressions from triggering a match on regular expressions

This use case is not supported

Create a Custom Advanced Pattern classification and add lists of regular expressions on the Exceptions tab to exclude specific regular expressions from being matched by the DLP engine. You can also add keywords as exceptions to reduce false positives. To achieve this use case, see Create Custom Advanced Patterns using Add Regex or AI RegEx Generator for Custom Advanced Patterns.

​Click the image to view the zoomed-in version
clipboard_e8775f2d3059c7cd833b7cdf039ba5307.png

Build complex matching rules by combining Skyhigh Built-In or Custom advanced pattern lists using OR, AND, and NOT operators

This use case is not supported

Create a classification by selecting ‘any of’, ‘all of’, or 'none of' Skyhigh Built-In Advanced Patterns or Custom Advanced Patterns, and use AND to combine it with other Advanced Pattern definitions. Use OR to add new rule group conditions and define new Advanced Pattern definitions. To achieve this use case, see Create Custom Advanced Patterns.

​Click the image to view the zoomed-in version
clipboard_e7df77682c5134c695eecb95f46913e80.png
► Proximity Match Use Cases with Implementation Details

    Use Cases

Data Identifiers
(CASB DLP Policy Implementation)

Classifications Implementation

Match on proximity between Skyhigh Built-In advanced patterns (regular expressions) and Skyhigh Built-In dictionaries (lists of keywords)

Use the Data Identifier rule to select any one of the pre-defined category with its associated dictionary

Create a classification to add one or more Skyhigh Built-In Advanced Pattern lists in proximity with one or more Skyhigh Built-In dictionaries and their keywords to classify your sensitive data. To achieve this use case, see Proximity Use Cases.

​Click the image to view the zoomed-in version
clipboard_efd85865d59e2785727766026c409846b.png

Match on proximity between Custom advanced patterns (regular expressions) and Custom dictionaries (lists of keywords)

Use the Data Identifier rule to select up to five custom regular expressions in proximity with one custom dictionary or one of the three pre-defined dictionaries

Create a classification to add one or more Custom Advanced Pattern lists in proximity with one or more Custom dictionaries and their keywords to classify your sensitive data. To achieve this use case, see Proximity Use Cases.

​Click the image to view the zoomed-in version
clipboard_e4fd643409b3cae5da1811dc7228a5511.png

Match on proximity between Skyhigh Built-In and Custom Dictionaries (lists of keywords)

This use case is not supported

Create a classification to add one or more Skyhigh Built-In dictionaries and their keywords in proximity with one or more Custom dictionaries and their keywords to classify your sensitive data. To achieve this use case, see Proximity Use Cases.

​Click the image to view the zoomed-in version
clipboard_ea8c25c0efa13b6b51d37e818b6b4fce2.png

Match on proximity between Skyhigh Built-In and Custom advanced patterns (regular expressions)

This use case is not supported

Create a classification to add one or more Skyhigh Built-In Advanced Pattern lists in proximity with one or more Custom Advanced Pattern lists to classify your sensitive data. To achieve this use case, see Proximity Use Cases.

​Click the image to view the zoomed-in version
clipboard_ec74ed63f2b7181ed3341eb42d1ab07e2.png

Match on proximity between advanced patterns (regular expressions) and dictionaries (lists of keywords) with unique match criteria

Use the Data Identifier rule to select regular expression lists in proximity with keyword lists and enable the Count each match only one time option

Create a classification to add one or more Advanced Pattern lists in proximity with one or more Dictionaries, and configure the Match Criteria Settings in the proximity rule. You can customize the settings of the match criteria for your proximity rule to control how match strings are paired to trigger unique proximity matches. This option reduces false positives by counting each match string only once, eliminating non-unique matches. To achieve this use case, see Advanced Proximity Use Cases.

​Click the image to view the zoomed-in version
clipboard_ef287a9324b4f43814f6bcc373aa43232.png
► Keywords or List of Keywords (Dictionaries) with Implementation Details

    Use Cases

Data Identifiers
(CASB DLP Policy Implementation)

Classifications Implementation

Match on Skyhigh Built-In lists of keywords

Use keywords to build rules by selecting one of the three pre-defined dictionaries

Create a classification to add one or more Skyhigh Built-In dictionaries and their keywords to classify your sensitive data. To achieve this use case, see Create a Classification using Skyhigh Security Built-in Dictionary.

► Click the image to view the zoomed-in version

clipboard_e57df2c24e32f250de31fce018915af0f.png

Match on Custom lists of keywords

Use keywords to build rules using a Custom Dictionary

Create a classification to add one or more Custom Dictionaries and their keywords to classify your sensitive data. To achieve this use case, see Create a Custom Dictionary.

► Click the image to view the zoomed-in version

clipboard_e44abd9d7543f5b6853f9cf471e0f76bc.png

Match on list of keywords only (without creating a Dictionary)

 

Use keywords to build rules using a comma-separated list

Create a Keyword classification to add a list of keywords that define sensitive data. Any match will count as detection. You can add multiple keywords, separated by commas for content classification. To achieve this use case, see Create a Classification using Keywords.

► Click the image to view the zoomed-in version

clipboard_efbf1e803a5b38925eb2f4f0bc14b4be2.png

Count each match in a keyword list only once

Use keywords and set the “Count each match only one-time” option

Create a classification to set Count each match string only one time option in the Dictionary. Activating this option eliminates the duplicate matched keywords in a dictionary and ensures that each matched keyword is counted only once. To achieve this use case, see Skyhigh Built-In Dictionary or Custom Dictionary.

► Click the image to view the zoomed-in version

clipboard_e179dcc12ac888ef3b927720c652d803a.png 

Match all keywords in a Dictionary list

Use keywords and set the “Match Criteria” to “All”

Create a classification to set the match threshold on the Classification editor equal to the number of items (keywords) found in the Dictionary list and to avoid counting duplicate keywords multiple times, enable the checkbox Count each match string only one time.

To achieve this use case, see Skyhigh Built-In Dictionary or Custom Dictionary.

► Click the image to view the zoomed-in version
clipboard_e1256ed7b005d9127470c1a080521f3ea.png

Set a threshold for the number of keyword matches in the Dictionary

Use keywords and set the “Match Count” value

Create a classification to set a dictionary threshold value to trigger the DLP policy when the specified number of keywords are matched.

For example, you have chosen to use the Skyhigh built-in dictionary, which contains over 50 keywords. But you need only 20 random keywords from that dictionary to match and trigger an incident. To accomplish this, you need to set the weight for the dictionary to 20 for threshold matching. To set the threshold in the Dictionary classifications, see Skyhigh Built-In Dictionary or Custom Dictionary.

► Click the image to view the zoomed-in version

clipboard_e9c30c362d1dd8127384656ac7bd13850.png

Set different weights (scores) for each keyword in a Custom Dictionary list

This use case is not supported

Create a Custom Dictionary classification and edit the score of each keyword on a case-by-case basis. To achieve this use case, see Set Advanced Dictionary.

► Click the image to view the zoomed-in version

clipboard_e53a7a6377bdacaa592e3752233637516.png

Set the case sensitivity for each keyword in a Custom Dictionary list

Use Keywords and set the “Case Sensitive” attribute appropriately

Create a Custom Dictionary classification and set the case sensitivity of each keyword on a term-by-term basis. To achieve this use case, see Set Advanced Dictionary.

► Click the image to view the zoomed-in version

clipboard_e20d73bc6cce540dfbfb8e0f81581620f.png

Exclude special characters from triggering a match on keywords By default, the Keyword rule allows all special characters to match on keywords

Create a Custom Dictionary classification and add list of keywords along with special characters precisely to be matched by the DLP engine. This enables the DLP engine to exclude matches on similar keywords with other special characters to reduce false positives. To achieve this use case, see Create a Custom Dictionary.

► Click the image to view the zoomed-in version

clipboard_eb3f3d88fe1daefd5bff5a631bf349114.png

Match on Skyhigh Built-In or Custom lists of keywords in specific sections of an email Use the Keyword rule and set the Location option to match keywords on email subject and file metadata, or email subject, body, attachments and file content, or all sections of an email

Create a classification and use the newly created classification in your Sanctioned or Shadow DLP policy to match the section of the email to look for sensitive keywords in Header or Everywhere. To achieve this use case, see Create a Classification using Dictionary or Create a Custom Dictionary.

► Click the image to view the zoomed-in version

clipboard_ecdad74150e2b97eac9d0c0fd93f40aa8.png

Allow partial string match for each keyword in the Custom Dictionary list

This use case is not supported

Create a Custom Dictionary classification and set the “Starts with” or “Ends with” flags appropriately for each keyword. To achieve this use case, see Set Advanced Dictionary.

► Click the image to view the zoomed-in version

clipboard_ee678658494d089f0ccfba8feb04e0452.png

Build complex matching rules by combining Skyhigh Built-In or Custom keyword lists using OR, AND, and NOT operators

This use case is not supported

Create a classification by selecting ‘any of’, ‘all of’, or 'none of' Skyhigh Built-In Dictionaries or Custom Dictionaries, and use AND to combine it with other Dictionary definitions. Use OR to add new rule group conditions and define new Dictionary definitions. To achieve this use case, see Create Complex Matching Rules using Boolean Logic.

► Click the image to view the zoomed-in version

clipboard_e5b4d8d222c82ee445a72e2464bd404e8.png

Build complex matching rules by setting different thresholds for Skyhigh Built-In or Custom keyword lists

This use case is not supported

Create a classification by selecting ‘any of’ or ‘all of’ Skyhigh Built-In Dictionaries or Custom Dictionaries, and set different thresholds for each Dictionary definition. To achieve this use case, see Set Threshold for Dictionaries.

► Click the image to view the zoomed-in version

clipboard_e35c57a6087fc13154f8ee95d241ae184.png

► File Names Match Use Cases with Implementation Details

    Use Cases

Data Identifiers
(CASB DLP Policy Implementation)

Classifications Implementation

Match on file names

Use File Name to build rules matching on either a custom list of file names, or a manually entered list

Create a classification to match a set of files based on exact file names such as finance_report_Q1_2024.xlsx and budget_presentation_2024.pptx which can be combined into one set.

File name sets can be created using plain text values with the "is" operator. To achieve this use case, see Create a Classification using File Name Set.

​Click the image to view the zoomed-in version
clipboard_e41983e3a9c1816396606bf2f585d91bf.png

Match on partial file names

Use File Name to build rules matching on either a custom list of file names, or a manually entered list using glob patterns

Create a classification to match a set of files based on partial file names such as Q1, 2024-2025 which can be combined into one set.

File name sets can be created using plain text values with the "contains" operator. To achieve this use case, see Create a Classification using File Name Set.

​Click the image to view the zoomed-in version
clipboard_ed8f59b7bada2cc11de0dbf90124ac9a9.png

Match on file extensions

Use File Name to build rules matching on either a custom list of file names, or a manually entered list using glob patterns

Create a classification to match a set of files based on file extensions such as PPS, PPT, and PPTX which can be combined into one set.

File extension sets can be created using Skyhigh predefined or custom file extensions. To achieve this use case, see File Extensions.

​Click the image to view the zoomed-in version
clipboard_e602d22f76f10e713cec2aa581b83361a.png
► File Size Match Use Case with Implementation Details
Use Case Data Identifiers (CASB DLP Policy Implementation) Classifications Implementation

Match on file sizes (greater than, lesser than, or between)

Use File Size to build rules matching on files based on specific criteria

Create a classification to match and detect files based on file size ranges.

File size classifications can be created using operators (greater than, lesser than, or between), values, and units (bytes, kilobytes, and megabytes). To achieve this use case, see File Sizes.

​Click the image to view the zoomed-in version
clipboard_e405fa87f2be2ea55edbb5cbef8f0c1c6.png
► True File Type Match Use Case with Implementation Details
Use Case Data Identifiers (CASB DLP Policy Implementation) Classifications Implementation

Match on files for specific file types

Use the File Type rule to match files based on specific file formats

Create a classification to match and detect the file using specific true file types such as Microsoft Word, Microsoft PowerPoint, Microsoft Word, and more. To achieve this use case, see True File Type.

​Click the image to view the zoomed-in version
clipboard_e0742e610fd9e8732950c6d31de174b4e.png
► Document Properties Match Use Case with Implementation Details
Use Case Data Identifiers (CASB DLP Policy Implementation) Classifications Implementation

Match on file metadata

This use case is not supported 

Create a classification to match a set of document properties based on file metadata such as Author or Keywords (Tags), or Last Saved By which can be combined into one set.

Document properties set can be created using Skyhigh pre-defined or custom document properties(file metadata). To achieve this use case, see Document Properties.

► Click the image to view the zoomed-in version
clipboard_e694db00ede642b66cba552bb15dcacbd.png
► File Encryption Type Match Use Case with Implementation Details
Use Case Data Identifiers (CASB DLP Policy Implementation) Classifications Implementation

Match on file for specific encryption type

This use case is not supported 

Create a classification to match and detect the file using specific file encryption types such as Trellix Endpoint Encryption, Seclore Rights Management Encryption, and more. To achieve this use case, see File Encryption Type.

► Click the image to view the zoomed-in version
clipboard_ee364ced0d59ffe00d3ac6b04fc72d913.png
► Location in File Match Use Case with Implementation Details
Use Case Data Identifiers (CASB DLP Policy Implementation) Classifications Implementation
Match on file section to limit the sensitive content of a document This use case is not supported 

Create a classification to match the section of the file to look for sensitive content in the Header, Footer, Body, or within the first X characters. The location in file match condition is limited to Word and PowerPoint documents. To achieve this use case, see Location in File.

► Click the image to view the zoomed-in version

Location in file.png

  • Was this article helpful?